Shorewall + SNORT

Hi

I am looking for something to find an attacker's IP and block it in the firewall. I use shorewall, and I just installed snort, but I cannot find anything about how to make snort talk with shorewall, like if snort finds attacker IPs, say HEY SHOREWALL BLOCK IT "DO IT DO IT...!" and plus some notification would be awesome. I found snortsam but there is no how-to for installing it on gentoo. I also found snort_inline, but it seems it is not snort, actually a separate package.

thanks for help

michal

misiek

Well, if it were me, I could append ip_whatever to /etc/shorewall/blacklist and do a shorewall refresh.

Of course that assumes you have enabled blacklist in interfaces net options.

Now think about that for a while. You can wind up with quite a list of IP addresses.

You could feed the ip addy to whois and get the NetRange: value and use it instead.

Bit Twister
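
The approach described in the post above, as an added example that is not part of the original thread: it reads Snort fast-format alert lines, appends new source addresses to the Shorewall blacklist, runs one refresh, and logs a syslog notification. It assumes the blacklist option is enabled on the net interface as the post says; the whitelist variable, the syslog tag, the alert log path and the sample alerts are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): Snort fast-format alerts -> Shorewall blacklist.
# Defaults are the file and command named in the thread; override to test safely.
BLACKLIST="${BLACKLIST:-/etc/shorewall/blacklist}"
REFRESH_CMD="${REFRESH_CMD:-shorewall refresh}"
WHITELIST="${WHITELIST:-127.0.0.1}"   # assumed: addresses that must never be blocked

# Constructed sample alerts (documentation addresses), not real log data.
sample_alerts() {
cat <<'EOF'
08/28-10:15:01.123456  [**] [1:1000001:1] SSH brute force [**] [Priority: 2] {TCP} 203.0.113.5:40022 -> 192.0.2.10:22
08/28-10:15:02.223456  [**] [1:1000001:1] SSH brute force [**] [Priority: 2] {TCP} 203.0.113.5:40023 -> 192.0.2.10:22
08/28-10:16:40.000001  [**] [1:1000002:1] ICMP sweep [**] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
08/28-10:17:00.000001  [**] [1:1000003:1] Local test [**] [Priority: 3] {TCP} 127.0.0.1:5000 -> 192.0.2.10:80
EOF
}

# Unique IPv4 source addresses: the field just before "->", port stripped.
alert_sources() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "->") { split($(i-1), a, ":"); print a[1] } }' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# Append new, non-whitelisted addresses from stdin; print each one added.
blacklist_new() {
    while read -r ip; do
        case " $WHITELIST " in *" $ip "*) continue ;; esac
        grep -qxF "$ip" "$BLACKLIST" 2>/dev/null && continue
        echo "$ip" >> "$BLACKLIST" && echo "$ip"
    done
}

# Read alerts on stdin: block new sources, refresh once, notify through syslog.
process_alerts() {
    added=$(alert_sources | blacklist_new)
    [ -z "$added" ] && return 0
    $REFRESH_CMD >/dev/null || return 1
    for ip in $added; do
        logger -t snort-shorewall "blacklisted $ip" 2>/dev/null || true
    done
    echo "$added"
}

# Typical use as root: process_alerts < /var/log/snort/alert   (path is an assumption)
```

Source addresses in alerts can be spoofed, so list your own hosts, gateway and management addresses in `WHITELIST` before running this against a live blacklist.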

Yeah, true, so far I use this method, but I need something more advanced, and I also need some notification. Snort seems nice. I compiled snort inline, using the inline flag when emerging snort, but I have no idea how to use it, because there is no how-to. I found only snort_inline documentation, but it's a separate package and is totally different.

misiek

I do not expect anyone to write a book; this is a group to ask questions ONLY. But some little how-to should exist somewhere. If snort is able to compile as inline, it means that some human did that, so there is supposed to be a how-to on using it.

misiek

Snort itself is a profession. Don't expect anyone on a news server to write a book about it.

Boger
